IPtables is vast topic which can not be dealt in one post I will be posting this IPtables in different posts but will link all of them

IPtables basics

Iptables is a securit module in Linux kernel, this Iptables can be used a firewall(filter table),Internet sharing(NAT table),For altering Type Of Service(mangle table) and for non tracking purpose(Raw table)

Firewall definition:

A firewall is a security system consisting of a combination of hardware and software that limits the exposure of a computer or computer network to attack from crackers; commonly used on local area networks that are connected to the internet. This is acheived by Filter table

Internetsharing definition:

An Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.

Mangling definition:

 Mangling is defined as changing the Type of service value in IP header packet to get the desired values such as decreasing latency(for example telnet,ssh should required less latency) etc. This table is used for imporving some services performance

Non tracking packets definition:

Most of the system/network activitis are logged in some logs, if we want our packets to be not monitored we can use this table, This raw table(which is introduced in 2.6 version linux kernel for some special feature) will set value on each packet not to track where this packet is coming and going.

IPtables is nothing but a set of tables

A table is set of chains and target values.
A chain is nothing but a rule on a packet wether to forword or drop or Reject etc
A rule is nothing but setting a criteria for packet.

Iptables will work on targeting IP packets and chains
These targets may be

  2. DROP
  4. SNAT
  5. DNAT
  11. DSCP
  12. ECN
  13. LOG
  14. MARK
  16. MIRROR
  17. NETMAP
  19. ROUTE
  20. SET
  21. TCPMSS
  22. TOS
  23. TRACE
  24. TTL
  25. ULOG

these chains may be
  1. INPUT (for packets destined to local sockets),
  2. FORWARD (for packets being routed through the box),
  3. OUTPUT (for locally-generated packets)
  4. PREROUTING (for altering packets as soon as they come in),
  5. POSTROUTING (for altering packets as they are about to go out).
in next post I will be giving some explination to this targets and chains with some practical exampls, thanks for reading the blog and commenting.

  • Like the post? Please Subscribe to free RSS feed to get updates
  • Archive

    Translate this page


    The Linux Juggernaut | Copyright 2006-2009 Surendra Kumar Anne | Surendra's Home Page | Give us feedback how we are doing, Click here